table of contents
- bookworm 252.30-1~deb12u2
- bookworm-backports 254.16-1~bpo12+1
- testing 256.6-1
- unstable 256.6-1
SYSTEMD.PRESET(5) | systemd.preset | SYSTEMD.PRESET(5) |
NAME¶
systemd.preset - Service enablement presets
SYNOPSIS¶
DESCRIPTION¶
Preset files may be used to encode policy which units shall be enabled by default and which ones shall be disabled. They are read by systemctl preset which uses this information to enable or disable a unit. Depending on that policy, systemctl preset is identical to systemctl enable or systemctl disable. systemctl preset is used by the post install scriptlets of rpm packages (or other OS package formats), to enable/disable specific units by default on package installation, enforcing distribution, spin, or administrator preset policy. This allows choosing a certain set of units to be enabled/disabled even before installing the actual package. For more information, see systemctl(1).
It is not recommended to ship preset files within the respective software packages implementing the units, but rather centralize them in a distribution or spin default policy, which can be amended by administrator policy, see below.
If no preset files exist, preset operations will enable all units that are installed by default. If this is not desired and all units shall rather be disabled, it is necessary to ship a preset file with a single, catchall "disable *" line. (See example 1, below.)
When the machine is booted for the first time, systemd(1) will enable/disable all units according to preset policy, similarly to systemctl preset-all. Also see ConditionFirstBoot= in systemd.unit(5) and "First Boot Semantics" in machine-id(5).
PRESET FILE FORMAT¶
The preset files contain a list of directives, one per line. Empty lines and lines whose first non-whitespace character is "#" or ";" are ignored. Each directive consists of one of the words "enable", "disable", or "ignore", followed by whitespace and a unit name. The unit name may contain shell-style wildcards.
For the enable directive for template units, one or more instance names may be specified as a space-separated list after the unit name. In this case, those instances will be enabled instead of the instance specified via DefaultInstance= in the unit.
Presets must refer to the "real" unit file, and not to any aliases. See systemd.unit(5) for a description of unit aliasing.
Three different directives are understood: "enable" may be used to enable units by default, "disable" to disable units by default, and "ignore" to ignore units and leave existing configuration intact.
If multiple lines apply to a unit name, the first matching one takes precedence over all others.
Each preset file shall be named in the style of <priority>-<policy-name>.preset. Files in /etc/ override files with the same name in /usr/lib/ and /run/. Files in /run/ override files with the same name in /usr/lib/. Packages should install their preset files in /usr/lib/. Files in /etc/ are reserved for the local administrator, who may use this logic to override the preset files installed by vendor packages. All preset files are sorted by their filename in lexicographic order, regardless of which of the directories they reside in. If multiple files specify the same unit name, the entry in the file with the lexicographically earliest name will be applied. It is recommended to prefix all filenames with a two-digit number and a dash, to simplify the ordering of the files.
If the administrator wants to disable a preset file supplied by the vendor, the recommended way is to place a symlink to /dev/null in /etc/systemd/system-preset/ bearing the same filename.
EXAMPLES¶
Example 1. Default to off
# /usr/lib/systemd/system-preset/99-default.preset disable *
This disables all units. Due to the filename prefix "99-", it will be read last and hence can easily be overridden by spin or administrator preset policy.
Example 2. Enable multiple template instances
# /usr/lib/systemd/system-preset/80-dirsrv.preset enable dirsrv@.service foo bar baz
This enables all three of dirsrv@foo.service, dirsrv@bar.service and dirsrv@baz.service.
Example 3. A GNOME spin
# /usr/lib/systemd/system-preset/50-gnome.preset enable gdm.service enable colord.service enable accounts-daemon.service enable avahi-daemon.*
This enables the three mentioned units, plus all avahi-daemon regardless of which unit type. A file like this could be useful for inclusion in a GNOME spin of a distribution. It will ensure that the units necessary for GNOME are properly enabled as they are installed. It leaves all other units untouched, and subject to other (later) preset files, for example like the one from the first example above.
Example 4. Administrator policy
# /etc/systemd/system-preset/00-lennart.preset enable httpd.service enable sshd.service enable postfix.service disable *
This enables three specific services and disables all others. This is useful for administrators to specifically select the units to enable, and disable all others. Due to the filename prefix "00-" it will be read early and override all other preset policy files.
MOTIVATION FOR THE PRESET LOGIC¶
Different distributions have different policies on which services shall be enabled by default when the package they are shipped in is installed. On Fedora all services stay off by default, so that installing a package will not cause a service to be enabled (with some exceptions). On Debian all services are immediately enabled by default, so that installing a package will cause its services to be enabled right-away.
Even within a single distribution, different spins (flavours, remixes, whatever you might want to call them) of a distribution also have different policies on what services to enable, and what services to leave off. For example, Fedora Workstation will enable gdm as display manager by default, while the Fedora KDE spin will enable sddm instead.
Different sites might also have different policies what to turn on by default and what to turn off. For example, one administrator would prefer to enforce the policy of "sshd should be always on, but everything else off", while another one might say "snmpd always on, and for everything else use the distribution policy defaults".
Traditionally, policy about which services shall be enabled were implemented in each package individually. This made it cumbersome to implement different policies per spin or per site, or to create software packages that do the right thing on more than one distribution. The enablement mechanism was also encoding the enablement policy.
The preset mechanism allows clean separation of the enablement mechanism (inside the package scriptlets, by invoking systemctl preset) and enablement policy (centralized in the preset files), and lifts the configuration out of individual packages. Preset files may be written for specific distributions, for specific spins or for specific sites, in order to enforce different policies as needed. It is recommended to apply the policy encoded in preset files in package installation scriptlets.
SEE ALSO¶
systemd(1), systemctl(1), systemd-delta(1)
daemon(7) has a discussion of packaging scriptlets.
Fedora page introducing the use of presets: Features/PackagePresets[1].
NOTES¶
- 1.
- Features/PackagePresets
systemd 256.6 |